JVNDB-2012-000031

ActiveScriptRuby vulnerable to arbitrary Ruby script execution

ActiveScriptRuby contains a vulnerability where an arbitrary Ruby script may be executed on a web browser that can execute ActiveX controls when HTML is displayed.

ActiveScriptRuby is a software to implement Ruby into a Windows environment. ActiveScriptRuby contains a vulnerability where an arbitrary Ruby script may be executed on the web browser that can execute ActiveX controls when HTML is displayed.

Moca reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.